11:53 a.m.
This patch adds a relaxng nwfilter schema along with a test that
verifies all the test output XML against the schema. The input XMLs
contain a lot of intentional out-of-range values that make them fail the
schema verification, so I am not verifying against those.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
Signed-off-by: Gerhard Stenzel <gerhard.stenzel(a)de.ibm.com>
---
docs/schemas/Makefile.am | 3
docs/schemas/domain.rng | 31 +
docs/schemas/nwfilter.rng | 783
++++++++++++++++++++++++++++++++++++++++++++++
libvirt.spec.in | 1
tests/Makefile.am | 4
tests/nwfilterschematest | 11
6 files changed, 831 insertions(+), 2 deletions(-)
Index: libvirt-acl/docs/schemas/Makefile.am
===================================================================
--- libvirt-acl.orig/docs/schemas/Makefile.am
+++ libvirt-acl/docs/schemas/Makefile.am
@@ -10,6 +10,7 @@ schema_DATA = \
storagepool.rng \
storagevol.rng \
nodedev.rng \
- capability.rng
+ capability.rng \
+ nwfilter.rng
EXTRA_DIST = $(schema_DATA)
Index: libvirt-acl/libvirt.spec.in
===================================================================
--- libvirt-acl.orig/libvirt.spec.in
+++ libvirt-acl/libvirt.spec.in
@@ -785,6 +785,7 @@ fi
%{_datadir}/libvirt/schemas/interface.rng
%{_datadir}/libvirt/schemas/secret.rng
%{_datadir}/libvirt/schemas/storageencryption.rng
+%{_datadir}/libvirt/schemas/filter.rng
%{_datadir}/libvirt/cpu_map.xml
Index: libvirt-acl/docs/schemas/nwfilter.rng
===================================================================
--- /dev/null
+++ libvirt-acl/docs/schemas/nwfilter.rng
@@ -0,0 +1,783 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<grammar ns="" xmlns="http://relaxng.org/ns/structure/1.0"
datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
+ <start>
+ <ref name="filter"/>
+ </start>
+ <define name="filter">
+ <element name="filter">
+ <ref name="filter-node-attributes"/>
+ <zeroOrMore>
+ <choice>
+ <element name="filterref">
+ <ref name="filterref-node-attributes"/>
+ </element>
+ <element name="uuid">
+ <ref name="UUID"/>
+ </element>
+ </choice>
+ </zeroOrMore>
+ <zeroOrMore>
+ <element name="rule">
+ <ref name="rule-node-attributes"/>
+ <optional>
+ <zeroOrMore>
+ <element name="mac">
+ <ref name="match-attribute"/>
+ <ref name="common-l2-attributes"/>
+ <ref name="mac-attributes"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="arp">
+ <ref name="match-attribute"/>
+ <ref name="common-l2-attributes"/>
+ <ref name="arp-attributes"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="ip">
+ <ref name="match-attribute"/>
+ <ref name="common-l2-attributes"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-port-attributes"/>
+ <ref name="ip-attributes"/>
+ <ref name="dscp-attribute"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="ipv6">
+ <ref name="match-attribute"/>
+ <ref name="common-l2-attributes"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-port-attributes"/>
+ <ref name="ip-attributes"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="tcp">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-port-attributes"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="udp">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-port-attributes"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="sctp">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-port-attributes"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="icmp">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ <ref name="icmp-attributes"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="igmp">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="all">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="esp">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="ah">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="udplite">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ip-attributes-p1"/>
+ <ref name="common-ip-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="tcp-ipv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-port-attributes"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="udp-ipv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-port-attributes"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="sctp-ipv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-port-attributes"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="icmpv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ <ref name="icmp-attributes"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="all-ipv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="esp-ipv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="ah-ipv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ <optional>
+ <zeroOrMore>
+ <element name="udplite-ipv6">
+ <ref name="match-attribute"/>
+ <ref name="srcmac-attribute"/>
+ <ref name="common-ipv6-attributes-p1"/>
+ <ref name="common-ipv6-attributes-p2"/>
+ </element>
+ </zeroOrMore>
+ </optional>
+ </element>
+ </zeroOrMore>
+ </element>
+ </define>
+
+ <!-- ########### attributes of XML nodes ############ -->
+
+ <define name="filter-node-attributes">
+ <attribute name="name">
+ <data type="NCName"/>
+ </attribute>
+ <optional>
+ <attribute name="chain">
+ <choice>
+ <value>root</value>
+ <value>arp</value>
+ <value>ipv4</value>
+ <value>ipv6</value>
+ </choice>
+ </attribute>
+ </optional>
+ </define>
+
+ <define name="filterref-node-attributes">
+ <attribute name="filter">
+ <data type="NCName"/>
+ </attribute>
+ <optional>
+ <element name="parameter">
+ <attribute name="name">
+ <ref name="parameter-name"/>
+ </attribute>
+ <attribute name="value">
+ <ref name="parameter-value"/>
+ </attribute>
+ </element>
+ </optional>
+ </define>
+
+ <define name="rule-node-attributes">
+ <attribute name="action">
+ <ref name='action-type'/>
+ </attribute>
+ <attribute name="direction">
+ <ref name='direction-type'/>
+ </attribute>
+ <optional>
+ <attribute name="priority">
+ <ref name='priority-type'/>
+ </attribute>
+ </optional>
+ </define>
+
+ <define name="match-attribute">
+ <interleave>
+ <optional>
+ <attribute name="match">
+ <choice>
+ <value>yes</value>
+ <value>no</value>
+ </choice>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="srcmac-attribute">
+ <interleave>
+ <optional>
+ <attribute name="srcmacaddr">
+ <ref name="addrMAC"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="common-l2-attributes">
+ <interleave>
+ <ref name="srcmac-attribute"/>
+ <optional>
+ <attribute name="srcmacmask">
+ <ref name="addrMAC"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstmacaddr">
+ <ref name="addrMAC"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstmacmask">
+ <ref name="addrMAC"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="common-ip-attributes-p1">
+ <interleave>
+ <optional>
+ <attribute name="srcipaddr">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="srcipmask">
+ <ref name="addrMask"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipaddr">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipmask">
+ <ref name="addrMask"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="common-ip-attributes-p2">
+ <interleave>
+ <optional>
+ <attribute name="srcipfrom">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="srcipto">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipfrom">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipto">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dscp">
+ <ref name="sixbitrange"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="common-ipv6-attributes-p1">
+ <interleave>
+ <optional>
+ <attribute name="srcipaddr">
+ <ref name="addrIPv6"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="srcipmask">
+ <ref name="addrMaskv6"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipaddr">
+ <ref name="addrIPv6"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipmask">
+ <ref name="addrMaskv6"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="common-ipv6-attributes-p2">
+ <interleave>
+ <optional>
+ <attribute name="srcipfrom">
+ <ref name="addrIPv6"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="srcipto">
+ <ref name="addrIPv6"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipfrom">
+ <ref name="addrIPv6"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstipto">
+ <ref name="addrIPv6"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dscp">
+ <ref name="sixbitrange"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="common-port-attributes">
+ <interleave>
+ <optional>
+ <attribute name="srcportstart">
+ <ref name="uint16range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="srcportend">
+ <ref name="uint16range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstportstart">
+ <ref name="uint16range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="dstportend">
+ <ref name="uint16range"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="icmp-attributes">
+ <interleave>
+ <optional>
+ <attribute name="type">
+ <ref name="uint8range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="code">
+ <ref name="uint8range"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="mac-attributes">
+ <interleave>
+ <optional>
+ <attribute name="protocolid">
+ <ref name="mac-protocolid"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="arp-attributes">
+ <interleave>
+ <optional>
+ <attribute name="arpsrcmacaddr">
+ <ref name="addrMAC"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="arpsrcipaddr">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="arpdstmacaddr">
+ <ref name="addrMAC"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="arpdstipaddr">
+ <ref name="addrIP"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="hwtype">
+ <ref name="uint16range"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="opcode">
+ <ref name="arpOpcodeType"/>
+ </attribute>
+ </optional>
+ <optional>
+ <attribute name="protocoltype">
+ <ref name="uint16range"/>
+ </attribute>
+ </optional>
+ </interleave>
+ </define>
+
+ <define name="ip-attributes">
+ <optional>
+ <attribute name="protocol">
+ <ref name="ipProtocolType"/>
+ </attribute>
+ </optional>
+ </define>
+
+ <define name="dscp-attribute">
+ <optional>
+ <attribute name="dscp">
+ <ref name="sixbitrange"/>
+ </attribute>
+ </optional>
+ </define>
+
+ <!-- ################ type library ################ -->
+
+ <define name="UUID">
+ <choice>
+ <data type="string">
+ <param name="pattern">[a-fA-F0-9]{32}</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">[a-fA-F0-9]{8}\-([a-fA-F0-9]{4}\-){3}[a-fA-F0-9]{12}</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="addrMAC">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="addrIP">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="addrIPv6">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)(([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9])?</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="addrMask">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">32</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">([0-2]?[0-9]?[0-9]\.){3}[0-2]?[0-9]?[0-9]</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="addrMaskv6">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">128</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">([a-fA-F0-9]{0,4}:){2,7}([a-fA-F0-9]*)</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="sixbitrange">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">63</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="mac-protocolid">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">1536</param>
+ <param name="maxInclusive">65535</param>
+ </data>
+
+ <choice>
+ <value>arp</value>
+ <value>ipv4</value>
+ <value>ipv6</value>
+ </choice>
+ </choice>
+ </define>
+
+ <define name="uint8range">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">255</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="uint16range">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">65535</param>
+ </data>
+ </choice>
+ </define>
+
+ <define name="arpOpcodeType">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">65535</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">([Rr]eply|[Rr]equest|[Rr]equest_[Rr]everse|[Rr]eply_[Rr]everse|DRARP_[Rr]equest|DRARP_[Rr]eply|DRARP_[Ee]rror|InARP_[Rr]equest|ARP_NAK)</param>
+ </data>
+
+ </choice>
+ </define>
+
+ <define name="ipProtocolType">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">^[\\$]{1}[a-zA-Z0-9_]+$</param>
+ </data>
+
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">255</param>
+ </data>
+
+ <choice>
+ <value>tcp</value>
+ <value>udp</value>
+ <value>udplite</value>
+ <value>esp</value>
+ <value>ah</value>
+ <value>icmp</value>
+ <value>igmp</value>
+ <value>sctp</value>
+ <value>icmpv6</value>
+ </choice>
+ </choice>
+ </define>
+
+ <define name="parameter-name">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_]+</param>
+ </data>
+ </define>
+
+ <define name="parameter-value">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_\.:]+</param>
+ </data>
+ </define>
+
+ <define name='action-type'>
+ <choice>
+ <value>drop</value>
+ <value>accept</value>
+ </choice>
+ </define>
+
+ <define name='direction-type'>
+ <choice>
+ <value>in</value>
+ <value>out</value>
+ <value>inout</value>
+ </choice>
+ </define>
+
+ <define name='priority-type'>
+ <data type="int">
+ <param name="minInclusive">0</param>
+ <param name="maxInclusive">1000</param>
+ </data>
+ </define>
+</grammar>
Index: libvirt-acl/tests/Makefile.am
===================================================================
--- libvirt-acl.orig/tests/Makefile.am
+++ libvirt-acl/tests/Makefile.am
@@ -74,6 +74,7 @@ EXTRA_DIST = \
xml2vmxdata \
nwfilterxml2xmlout \
nwfilterxml2xmlin \
+ nwfilterschematest \
$(patsubst %,qemuhelpdata/%,$(qemuhelpdata))
noinst_PROGRAMS = virshtest conftest \
@@ -120,7 +121,8 @@ test_scripts = \
storagepoolschematest \
storagevolschematest \
domainschematest \
- nodedevschematest
+ nodedevschematest \
+ nwfilterschematest
if WITH_LIBVIRTD
test_scripts += \
Index: libvirt-acl/tests/nwfilterschematest
===================================================================
--- /dev/null
+++ libvirt-acl/tests/nwfilterschematest
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+: ${srcdir=.}
+. $srcdir/test-lib.sh
+. $abs_srcdir/schematestutils.sh
+
+DIRS="nwfilterxml2xmlout"
+SCHEMA="nwfilter.rng"
+
+check_schema "$DIRS" "$SCHEMA"
+
Index: libvirt-acl/docs/schemas/domain.rng
===================================================================
--- libvirt-acl.orig/docs/schemas/domain.rng
+++ libvirt-acl/docs/schemas/domain.rng
@@ -894,6 +894,11 @@
<optional>
<ref name="address"/>
</optional>
+ <optional>
+ <element name="filterref">
+ <ref name="filterref-node-attributes"/>
+ </element>
+ </optional>
</interleave>
</define>
<!--
@@ -1577,6 +1582,22 @@
</element>
</define>
+ <define name="filterref-node-attributes">
+ <attribute name="filter">
+ <data type="NCName"/>
+ </attribute>
+ <optional>
+ <element name="parameter">
+ <attribute name="name">
+ <ref name="parameter-name"/>
+ </attribute>
+ <attribute name="value">
+ <ref name="parameter-value"/>
+ </attribute>
+ </element>
+ </optional>
+ </define>
+
<!--
Type library
@@ -1737,4 +1758,14 @@
<param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param>
</data>
</define>
+ <define name="parameter-name">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_]+</param>
+ </data>
+ </define>
+ <define name="parameter-value">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_\.:]+</param>
+ </data>
+ </define>
</grammar>
8:10 a.m.
On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
This patch adds a relaxng nwfilter schema along with a test that
verifies all the test output XML against the schema. The input XMLs
contain a lot of intentional out-of-range values that make them fail the
schema verification, so I am not verifying against those.
Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
Signed-off-by: Gerhard Stenzel <gerhard.stenzel(a)de.ibm.com>
---
docs/schemas/Makefile.am | 3
docs/schemas/domain.rng | 31 +
docs/schemas/nwfilter.rng | 783
++++++++++++++++++++++++++++++++++++++++++++++
libvirt.spec.in | 1
tests/Makefile.am | 4
tests/nwfilterschematest | 11
6 files changed, 831 insertions(+), 2 deletions(-)
[...]
+ <define name="addrMAC">
+ <choice>
+ <!-- variable -->
+ <data type="string">
+ <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
+ </data>
+
+ <data type="string">
+ <param
name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param>
+ </data>
+ </choice>
+ </define>
Hum, can you explain why you get apparently 2 completely different
format values ranges here (and in a number of other types), I'm a bit
lost.
[...]
Index: libvirt-acl/docs/schemas/domain.rng
===================================================================
--- libvirt-acl.orig/docs/schemas/domain.rng
+++ libvirt-acl/docs/schemas/domain.rng
@@ -894,6 +894,11 @@
<optional>
<ref name="address"/>
</optional>
+ <optional>
+ <element name="filterref">
+ <ref name="filterref-node-attributes"/>
+ </element>
+ </optional>
</interleave>
</define>
<!--
@@ -1577,6 +1582,22 @@
</element>
</define>
+ <define name="filterref-node-attributes">
+ <attribute name="filter">
+ <data type="NCName"/>
+ </attribute>
+ <optional>
+ <element name="parameter">
+ <attribute name="name">
+ <ref name="parameter-name"/>
+ </attribute>
+ <attribute name="value">
+ <ref name="parameter-value"/>
+ </attribute>
+ </element>
+ </optional>
+ </define>
+
<!--
Type library
@@ -1737,4 +1758,14 @@
<param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param>
</data>
</define>
+ <define name="parameter-name">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_]+</param>
+ </data>
+ </define>
+ <define name="parameter-value">
+ <data type="string">
+ <param name="pattern">[a-zA-Z0-9_\.:]+</param>
+ </data>
+ </define>
</grammar>
I just find parameter-name/parameter-value a bit too generic names,
if you could make them more specific to the task, like
filter-param-name / filter-param-value
but it's minor, and it's good to have updated schema and augmented
testing
ACK
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
8:21 a.m.
Daniel Veillard <veillard(a)redhat.com> wrote on 04/06/2010 09:10:11 AM:
Please respond to veillard
On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
> This patch adds a relaxng nwfilter schema along with a test that
> verifies all the test output XML against the schema. The input XMLs
> contain a lot of intentional out-of-range values that make them fail
the
> schema verification, so I am not verifying against those.
>
> Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
> Signed-off-by: Gerhard Stenzel <gerhard.stenzel(a)de.ibm.com>
>
> ---
> docs/schemas/Makefile.am | 3
> docs/schemas/domain.rng | 31 +
> docs/schemas/nwfilter.rng | 783
> ++++++++++++++++++++++++++++++++++++++++++++++
> libvirt.spec.in | 1
> tests/Makefile.am | 4
> tests/nwfilterschematest | 11
> 6 files changed, 831 insertions(+), 2 deletions(-)
>
[...]
> + <define name="addrMAC">
> + <choice>
> + <!-- variable -->
> + <data type="string">
> + <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
> + </data>
> +
> + <data type="string">
> + <param
> name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param>
> + </data>
> + </choice>
> + </define>
Hum, can you explain why you get apparently 2 completely different
format values ranges here (and in a number of other types), I'm a bit
lost.
Every item in the network filter xml can be a variable like $MAC or $IP.
So for the schema to validate a srcmacaddr="$MAC" I needed to add the
above 'variable' pattern.
I had a lot of problems finding a way to require a $ as first letter and I
ended up having to use the [\\$]{1} construct. Also I could not find a
switch for non-case-sensitive string comparison like other regexes have
(?i) or \i for example... I suppose there is none.
[...]
> Index: libvirt-acl/docs/schemas/domain.rng
> ===================================================================
> --- libvirt-acl.orig/docs/schemas/domain.rng
> +++ libvirt-acl/docs/schemas/domain.rng
> @@ -894,6 +894,11 @@
> <optional>
> <ref name="address"/>
> </optional>
> + <optional>
> + <element name="filterref">
> + <ref name="filterref-node-attributes"/>
> + </element>
> + </optional>
> </interleave>
> </define>
> <!--
@@ -1577,6 +1582,22 @@
> </element>
> </define>
>
> + <define name="filterref-node-attributes">
> + <attribute name="filter">
> + <data type="NCName"/>
> + </attribute>
> + <optional>
> + <element name="parameter">
> + <attribute name="name">
> + <ref name="parameter-name"/>
> + </attribute>
> + <attribute name="value">
> + <ref name="parameter-value"/>
> + </attribute>
> + </element>
> + </optional>
> + </define>
> +
> <!--
Type library
>
> @@ -1737,4 +1758,14 @@
> <param name="pattern">[a-zA-Z0-9_\.\+\-/]+</param>
> </data>
> </define>
> + <define name="parameter-name">
> + <data type="string">
> + <param name="pattern">[a-zA-Z0-9_]+</param>
> + </data>
> + </define>
> + <define name="parameter-value">
> + <data type="string">
> + <param name="pattern">[a-zA-Z0-9_\.:]+</param>
> + </data>
> + </define>
> </grammar>
I just find parameter-name/parameter-value a bit too generic names,
if you could make them more specific to the task, like
filter-param-name / filter-param-value
but it's minor, and it's good to have updated schema and augmented
testing
Ok, so I will rename those two to the names you suggest. Should I post
again before pushing it to the repository?
Stefan
ACK
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
10:40 a.m.
On Tue, Apr 06, 2010 at 09:21:50AM -0400, Stefan Berger wrote:
Daniel Veillard <veillard(a)redhat.com> wrote on 04/06/2010
09:10:11 AM:
>
> Please respond to veillard
>
> On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
> > This patch adds a relaxng nwfilter schema along with a test that
> > verifies all the test output XML against the schema. The input XMLs
> > contain a lot of intentional out-of-range values that make them fail
the
> > schema verification, so I am not verifying against those.
> >
> > Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
> > Signed-off-by: Gerhard Stenzel <gerhard.stenzel(a)de.ibm.com>
> >
> > ---
> > docs/schemas/Makefile.am | 3
> > docs/schemas/domain.rng | 31 +
> > docs/schemas/nwfilter.rng | 783
> > ++++++++++++++++++++++++++++++++++++++++++++++
> > libvirt.spec.in | 1
> > tests/Makefile.am | 4
> > tests/nwfilterschematest | 11
> > 6 files changed, 831 insertions(+), 2 deletions(-)
> >
> [...]
> > + <define name="addrMAC">
> > + <choice>
> > + <!-- variable -->
> > + <data type="string">
> > + <param
name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
> > + </data>
> > +
> > + <data type="string">
> > + <param
> >
name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param>
> > + </data>
> > + </choice>
> > + </define>
>
> Hum, can you explain why you get apparently 2 completely different
> format values ranges here (and in a number of other types), I'm a bit
> lost.
Every item in the network filter xml can be a variable like $MAC or $IP.
So for the schema to validate a srcmacaddr="$MAC" I needed to add the
above 'variable' pattern.
Ah, okay, I understand now !
I had a lot of problems finding a way to require a $ as first letter
and I
ended up having to use the [\\$]{1} construct. Also I could not find a
switch for non-case-sensitive string comparison like other regexes have
(?i) or \i for example... I suppose there is none.
right. We are using XML Schemas datatype here, and the regexps are
defined in this appendix
http://www.w3.org/TR/xmlschema-2/#regexs
character $ has no special meaning in XML so doesn't need any escaping
http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
<param name="pattern">$[a-zA-Z0-9_]+</param>
should just work fine I think, can you try ? If yes that's worth fixing
before the push :-)
[...]
> I just find parameter-name/parameter-value a bit too generic
names,
> if you could make them more specific to the task, like
> filter-param-name / filter-param-value
>
> but it's minor, and it's good to have updated schema and augmented
> testing
Ok, so I will rename those two to the names you suggest. Should I post
again before pushing it to the repository?
nahh, fine !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
11:28 a.m.
Daniel Veillard <veillard(a)redhat.com> wrote on 04/06/2010 11:40:02 AM:
Please respond to veillard
Ah, okay, I understand now !
> I had a lot of problems finding a way to require a $ as first letter
and I
> ended up having to use the [\\$]{1} construct. Also I could not
find a
> switch for non-case-sensitive string comparison like other
regexes
have
> (?i) or \i for example... I suppose there is none.
right. We are using XML Schemas datatype here, and the regexps are
defined in this appendix
http://www.w3.org/TR/xmlschema-2/#regexs
character $ has no special meaning in XML so doesn't need any escaping
http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
<param name="pattern">$[a-zA-Z0-9_]+</param>
should just work fine I think, can you try ? If yes that's worth fixing
before the push :-)
$ is the end of line indicator in regular expressions. I needs to be
escaped, at the least.
I did push it already.
Stefan
[...]
> > I just find parameter-name/parameter-value a bit too generic names,
> > if you could make them more specific to the task, like
> > filter-param-name / filter-param-value
> >
> > but it's minor, and it's good to have updated schema and augmented
> > testing
>
> Ok, so I will rename those two to the names you suggest. Should I post
> again before pushing it to the repository?
nahh, fine !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
4:23 p.m.
On Tue, Apr 06, 2010 at 12:28:27PM -0400, Stefan Berger wrote:
Daniel Veillard <veillard(a)redhat.com> wrote on 04/06/2010
11:40:02 AM:
> Please respond to veillard
>
> Ah, okay, I understand now !
>
> > I had a lot of problems finding a way to require a $ as first letter
and I
> > ended up having to use the [\\$]{1} construct. Also I could not find a
> > switch for non-case-sensitive string comparison like other regexes
have
> > (?i) or \i for example... I suppose there is none.
>
> right. We are using XML Schemas datatype here, and the regexps are
> defined in this appendix
> http://www.w3.org/TR/xmlschema-2/#regexs
> character $ has no special meaning in XML so doesn't need any escaping
> http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
>
> <param name="pattern">$[a-zA-Z0-9_]+</param>
>
> should just work fine I think, can you try ? If yes that's worth fixing
> before the push :-)
$ is the end of line indicator in regular expressions. I needs to be
escaped, at the least.
Not in XML Schemas regexp, see my link search for '$'
as posted http://www.w3.org/TR/xmlschema-2/#regexs
----------------------------------
Note: Unlike some popular regular expression languages (including those
defined by Perl and standard Unix utilities), the regular expression
language defined here implicitly anchors all regular expressions at the
head and tail, as the most common use of regular expressions in
·pattern· is to match entire literals.
----------------------------------
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
2:29 p.m.
Daniel Veillard <veillard(a)redhat.com> wrote on 04/06/2010 11:40:02 AM:
Please respond to veillard
On Tue, Apr 06, 2010 at 09:21:50AM -0400, Stefan Berger wrote:
> Daniel Veillard <veillard(a)redhat.com> wrote on 04/06/2010 09:10:11 AM:
>
>
> >
> > Please respond to veillard
> >
> > On Mon, Apr 05, 2010 at 12:53:19PM -0400, Stefan Berger wrote:
> > > This patch adds a relaxng nwfilter schema along with a test that
> > > verifies all the test output XML against the schema. The input
XMLs
> > > contain a lot of intentional out-of-range values that
make them
fail
> the
> > > schema verification, so I am not verifying against those.
> > >
> > > Signed-off-by: Stefan Berger <stefanb(a)us.ibm.com>
> > > Signed-off-by: Gerhard Stenzel <gerhard.stenzel(a)de.ibm.com>
> > >
> > > ---
> > > docs/schemas/Makefile.am | 3
> > > docs/schemas/domain.rng | 31 +
> > > docs/schemas/nwfilter.rng | 783
> > > ++++++++++++++++++++++++++++++++++++++++++++++
> > > libvirt.spec.in | 1
> > > tests/Makefile.am | 4
> > > tests/nwfilterschematest | 11
> > > 6 files changed, 831 insertions(+), 2 deletions(-)
> > >
> > [...]
> > > + <define name="addrMAC">
> > > + <choice>
> > > + <!-- variable -->
> > > + <data type="string">
> > > + <param
name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
> > > + </data>
> > > +
> > > + <data type="string">
> > > + <param
> > >
name="pattern">([a-fA-F0-9]{1,2}:){5}[a-fA-F0-9]{1,2}</param>
> > > + </data>
> > > + </choice>
> > > + </define>
> >
> > Hum, can you explain why you get apparently 2 completely different
> > format values ranges here (and in a number of other types), I'm a
bit
> > lost.
>
> Every item in the network filter xml can be a variable like $MAC or
$IP.
> So for the schema to validate a srcmacaddr="$MAC" I
needed to add the
> above 'variable' pattern.
Ah, okay, I understand now !
> I had a lot of problems finding a way to require a $ as first letter
and I
> ended up having to use the [\\$]{1} construct. Also I could not
find a
> switch for non-case-sensitive string comparison like other
regexes
have
> (?i) or \i for example... I suppose there is none.
right. We are using XML Schemas datatype here, and the regexps are
defined in this appendix
http://www.w3.org/TR/xmlschema-2/#regexs
character $ has no special meaning in XML so doesn't need any escaping
http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
<param name="pattern">$[a-zA-Z0-9_]+</param>
should just work fine I think, can you try ? If yes that's worth fixing
before the push :-)
My mistake. I could replace it everywhere and it works fine. I'll push
this fix.
- <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
+ <param name="pattern">$[a-zA-Z0-9_]+</param>
Stefan
4:24 p.m.
On Tue, Apr 06, 2010 at 03:29:08PM -0400, Stefan Berger wrote:
Daniel Veillard <veillard(a)redhat.com> wrote on 04/06/2010
11:40:02 AM:
> right. We are using XML Schemas datatype here, and the regexps are
> defined in this appendix
> http://www.w3.org/TR/xmlschema-2/#regexs
> character $ has no special meaning in XML so doesn't need any escaping
> http://www.w3.org/TR/xmlschema-2/#nt-SingleCharEsc
>
> <param name="pattern">$[a-zA-Z0-9_]+</param>
>
> should just work fine I think, can you try ? If yes that's worth fixing
> before the push :-)
>
My mistake. I could replace it everywhere and it works fine. I'll push
this fix.
- <param name="pattern">[\\$]{1}[a-zA-Z0-9_]+</param>
+ <param name="pattern">$[a-zA-Z0-9_]+</param>
okay, thanks :-)
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
5394
days inactive
5395
days old
7 comments
2 participants
participants (2)
-
Daniel Veillard -
Stefan Berger